European regulators are now taking a closer eye at re-examining privacy cases against Google.

In light of the recent FCC report on Google outlining the fact that the company had deliberately captured people's WiFi payload data with its roaming Street View cars, European privacy regulators now say that they feel misled by Google.

"Well, deceived is a big word—maybe somewhat duped," wrote Ulrich Kühn, a spokesperson for the Hamburg data protection authority, in an e-mail to Ars. The Hamburg DPA has led the investigation in Germany, since Google's German corporate headquarters are located there.

"Google always admitted just as much as they were forced to by hard evidence," Kühn added. (Google did not immediately respond to our request for comment.)

European data protection and privacy law is generally stricter than its American counterpart, but it has limited sanction power. Had the recently proposed revisions to EU law been in place at the time of the violation, Google would have likely been forced to pay close to $1 billion in fines.

The Hamburg DPA also said its audit of Google remains ongoing, as is a German criminal investigation. The New York Times reported that other western European data protection authorities had a similar reaction to the privacy dust-up.

Jacob Kohnstamm, chairman of the European privacy panel and the chairman of the Dutch Data Protection Authority, told the paper that many of his colleagues "feel misled by Google," adding that Google’s global privacy counsel, Peter Fleischer, spoke about the incident in the Netherlands back in 2010.

"At this hearing, Peter Fleischer made it pretty clear in his oral statement and in writing that it was the mistake of one single guy working at Google who had made a stupid mistake," Mr. Kohnstamm said. "But apparently, it wasn’t a mistake at all."

"In 2006, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data," the company wrote at the time. "A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data."

"As early as 2007 and 2008, therefore, Street View team members had wide access to Engineer Doe's WiFi data collection design document and code, which revealed his plan to collect payload data," says the report. "One Google engineer reviewed the code line by line to remove syntax errors and bugs, and another modified the code. Five engineers pushed the code into Street View cars, and another drafted code to extract information from the WiFi data those cars were collecting."

39 Reader Comments

Have you ever wondered how Google can pinpoint your exact house location when you click on the little "my location" button in Google Maps? Wifi is a great way to broadcast your location. I noticed that following the Google Street View release in Canada, the location accuracy of my house was precise. Kind of chilling actually.

But, on another note, if we didn't have Google Street View, we would miss out on these entertaining images: http://www.streetviewfunny.com We would also miss out on high quality Google maps generated via Google Street View GPS tracks.

Google Street View release in Canada, the location accuracy of my house was precise. Kind of chilling actually.

Its only chilling if you aren't paying attention that they don't tie the AP info to you or your account specifically. Its nothing more then a AP MAC address\SSID + GPS location. A phone book contains more sensitive data about you.....now as to the data Google collected and sifted through....that is a completely different matter. I want to see App...oops sorry gut reaction. I want to see Mic....damn it did it again. *huffs* I want to see Google get the living shit slapped out of them for this.

Have you ever wondered how Google can pinpoint your exact house location when you click on the little "my location" button in Google Maps? Wifi is a great way to broadcast your location. I noticed that following the Google Street View release in Canada, the location accuracy of my house was precise. Kind of chilling actually.

Yeah, it sure is a shame Google provides a way to provide that service. Damn them for providing useful and helpful information to us! Also, Wifi doesn't broadcast your location any more than standing in the street and screaming "I AM HERE" does that. In fact, they can tie you to yourself much more easily than they can tie an SSID to a specific person.

There are 15 APs that can be seen from the street in front of my house, only 4 of them are open, and 3 of those are captive portals. I have a hard time figuring out how a car doing about 25MPH and taking pictures, could capture enough usable wireless data to even warrant somebody searching through it for something other than open Access Points. Especially considering it takes my laptop about 12 seconds to connect to the strongest one.

Not to mention that a block away most of the APs have all be replaced by new ones.

Quote:

Have you ever wondered how Google can pinpoint your exact house location when you click on the little "my location" button in Google Maps?

I've got 2 SSIDs being broadcast by 4 APs, and 5 static IP addresses for my house. There's a picture of my house on Streetview, there's a picture of me walking my dog around the corner from my house on Streetview. There's a photo of my car parked on the street in front of my house on Streetview.

Milner, the previously unnamed engineer that Google tapped to add the wardriving capabilities, went further by adding code to also record all unencrypted packets--or what's known as payload data--within range of Google's Street View cars, which he "thought might prove useful for other Google service," according to the FCC's report. Managers also signed off on these design documents, and at least one senior manager later asked the engineer to review the wardriving data set for interesting Web navigation statistics."

and

"Google employees told the FCC that anyone working full-time on the Street View project was allowed to modify the code--no approval needed--if they thought they could improve it."

I am actually stunned. I give Google a shit load of leeway on their behavior and policies. And I get with that first quote it may only be one manager. But that is a direct indication that they are more interested in results instead of ethics and morals.

And that last quote...I....who the hell runs a company like that?!?

I said this before and I will say it again: This is not the actions of a mature, company. This is the actions of a company that acts like its composed of 50 people. They are acting as if they are a 12 year old and can do whatever....its OK. This is not OK and the more I read about this

The more I go back to the 12 year old behavior. In this case. OMG we are caught! Cover it up! I have to give serious consideration as to what support I'm giving Google going forward. But really that leaves me with what? Apple? Hell no. Microsoft? They are doing better but still acting like jackasses from time to time. I guess its a matter of picking the lesser of 3 evils.

I want to see App...oops sorry gut reaction. I want to see Mic....damn it did it again. *huffs* I want to see Google get the living shit slapped out of them for this.

Full points for honesty. I think the sentiment is too strong though, unless there was some pinky-weilding evilness in the plan these guys had. Is there a clear explanation anywhere of what they thought wifi payload data was useful for?

Edit: Ah, I see you've provided a handy link while I was typing. Off to read...

The funny thing is that I remember a third party company paying people to run their Windows Mobile app (this was maybe 2005 or 2006) while driving around areas that hadn't had wifi APs mapped yet. They were trying to build a database of wireless APs in order to provide location data to devices without a GPS radio. This seems kinda similar. Logging APs provides yet another way to use existing tech to provide location based services.

Am I the only one that doesn't care? So what they got an SSID and MAC of my router. If it helps Google Maps be more accurate they could take a piss and blood sample.

Doesn't all the obfuscation and outright lying make you wonder what they were really doing?

If they were just collecting publicly broadcast SSIDs and MAC addresses, no one would care. They were getting everything they could, including if your router was not configured correctly, all your unencrypted data during whatever time they were capturing.

It's my view that those with open wireless deserve what they get, so I'm not overly concerned. But I sure would like to know what they were doing to warrant all this obstruction of investigations and lying to the public.

I want to see App...oops sorry gut reaction. I want to see Mic....damn it did it again. *huffs* I want to see Google get the living shit slapped out of them for this.

Full points for honesty. I think the sentiment is too strong though, unless there was some pinky-weilding evilness in the plan these guys had. Is there a clear explanation anywhere of what they thought wifi payload data was useful for?

Edit: Ah, I see you've provided a handy link while I was typing. Off to read...

The author of the other article uses bank passwords as a scare tactic, when those are sent over encrypted connections. The only people using unsecured login pages are typically places like popular tech news sites with latin names...

Am I the only one that doesn't care? So what they got an SSID and MAC of my router. If it helps Google Maps be more accurate they could take a piss and blood sample.

Doesn't all the obfuscation and outright lying make you wonder what they were really doing?

If they were just collecting publicly broadcast SSIDs and MAC addresses, no one would care. They were getting everything they could, including if your router was not configured correctly, all your unencrypted data during whatever time they were capturing.

It's my view that those with open wireless deserve what they get, so I'm not overly concerned. But I sure would like to know what they were doing to warrant all this obstruction of investigations and lying to the public.

I thought routers sold in Germany had to be open as to not violate Motorola Patents

If I had to guess, Google was originally trying to map open wifi hotspots for an upcoming overlap on Google Maps. This in itself isn't a bad thing if it's McDonalds and Starbucks, but home networks and router config info is definitely beyond the pale.

Even if it wasn't illegal here, it was still unethical, and possibly immoral. If all they were doing was collecting MAc addresses, for example, then that's still not what Street view should have been doing, but not such a big deal. But despite what the NY Times article said, this collection could be dangerous.

Even if Google didn't use the information officially, it could have been used by an employee. This is more information that has been gotten from the cell phone "scandal"

Am I the only one that doesn't care? So what they got an SSID and MAC of my router. If it helps Google Maps be more accurate they could take a piss and blood sample.

Doesn't all the obfuscation and outright lying make you wonder what they were really doing?

And THAT is exactly where I am right now. I've trusted Google up til now because they have yet to actually show real questionable behavior. UP til now its been purely screw ups on their part. This? This is not a screw up. This is intentional.

Normally I'm with MrSmith on this. Its a data set that isn't being used to track anything, but being used as the equivalent of a mile marker. I have no problems with that up til now....

The author of the other article uses bank passwords as a scare tactic, when those are sent over encrypted connections. The only people using unsecured login pages are typically places like popular tech news sites with latin names...

OK ignoring the "scare tactics". You can not ignore the quotes. I'm sorry the behavior on the part of Google is baffling for a company their size.

EDIT: I swear. The further I get into that document the more convinced I am that Google doesn't know what the fuck is going on in their own company. The lack of "coughing up" the documents at least on paper "feels" like a OH SHIT UMMM WHO MIGHT HAVE THAT DATA? TED? OK LETS TALK TO TED! HE ONLY HAS A COUPLE FILES? OK FINE! SEND THEM! Because each subsequent meeting more and more data appears. Is it possible this is a case of Google's internal policies and documentation is just that messed up? <----No this is NOT an excuse for them.

Am I the only one that doesn't care? So what they got an SSID and MAC of my router. If it helps Google Maps be more accurate they could take a piss and blood sample.

I wouldn't care about that either but they also hoovered up any unencrypted bit and associated them with your SSID and MAC. Thus, if you were searching for "pink and purple polka-dot bikinis" they'd know someone with your SSID and MAC was interested in such. That combined with geo and things start to get uncomfortable. It's not quite like they are rifling through your garbage without your permission but pretty close.

If I had to guess, Google was originally trying to map open wifi hotspots for an upcoming overlap on Google Maps. This in itself isn't a bad thing if it's McDonalds and Starbucks, but home networks and router config info is definitely beyond the pale.

No, it was deliberately more invasive. Think about the ads google shows in gmail based on your mail history. Most people don't care because they know google is "watching them". That's why gmail is "free". But, how about that anonymous post you made on an unencrypted website? Well, google just hoovered that up and can correlate it to you pretty closely. They might only have intended to use all the info gathered for refining search but they didn't ask. That's a big no-no in Europe.

I have a hard time understanding why anyone ever trusted Google to do the right thing...?

They are the world's largest advertising firm. Since when are ad companies anything but completely sleezey to the core? Then, multiply that by being the world's largest sleazy ad company who collects data about individuals, and you're left with nothing but lies, lies, and more lies to spin their public image.

They are so sleezy I half expect that the reason they aren't being prosecuted in the US is that they were sharing the data with Homeland Security...

I have a hard time understanding why anyone ever trusted Google to do the right thing...?

They are the world's largest advertising firm. Since when are ad companies anything but completely sleezey to the core? Then, multiply that by being the world's largest sleazy ad company who collects data about individuals, and you're left with nothing but lies, lies, and more lies to spin their public image.

They are so sleezy I half expect that the reason they aren't being prosecuted in the US is that they were sharing the data with Homeland Security...

I'd understand if you were saying this about someone like News Corp, but a handful of engineers and managers doing something downright stupid with unencrypted wifi data is not exactly on the scale of hacking into a missing child's voicemail account looking for a scoop. No, one company doing bad things does not excuse another, but your rhetoric sounds a bit overheated to me.

To begin with, would we know about this incident at all if Google hadn't ratted themselves out?

Wow people. Why are people always lining up to lynch Google? What they did wasn't illegal. They captured clear text being publicly broadcast for anyone to see. Hell, our government does this and they don't even need a warrant. And they only did it a short while. I agree, its a bit immoral, but you should be encrypting your traffic anyway. How much data do you think your ISP is collecting? Think again if you say its none.

If I had to guess, Google was originally trying to map open wifi hotspots for an upcoming overlap on Google Maps. This in itself isn't a bad thing if it's McDonalds and Starbucks, but home networks and router config info is definitely beyond the pale.

No, it was deliberately more invasive. Think about the ads google shows in gmail based on your mail history. Most people don't care because they know google is "watching them". That's why gmail is "free". But, how about that anonymous post you made on an unencrypted website? Well, google just hoovered that up and can correlate it to you pretty closely. They might only have intended to use all the info gathered for refining search but they didn't ask. That's a big no-no in Europe.

That's why I never put or post anything on the internet I don't want or mind being public.

I still see absolutely no blame here for Google. People publicly broadcasted a ton of data... Google collected bit and pieces off it, end of story.

Google didn't hack and networks, didn't crack and WEP/WPA keys it just drove around listening to unencrypted broadcasts. In fact ther is no evidence that they even realized they'd collected the data or had an plans for it. Baring evidence to the contrary, I take them at their world that they collected the data accidentally without any intent for it.

If I had to guess, Google was originally trying to map open wifi hotspots for an upcoming overlap on Google Maps. This in itself isn't a bad thing if it's McDonalds and Starbucks, but home networks and router config info is definitely beyond the pale.

No, it was deliberately more invasive. Think about the ads google shows in gmail based on your mail history. Most people don't care because they know google is "watching them". That's why gmail is "free". But, how about that anonymous post you made on an unencrypted website? Well, google just hoovered that up and can correlate it to you pretty closely. They might only have intended to use all the info gathered for refining search but they didn't ask. That's a big no-no in Europe.

That's why I never put or post anything on the internet I don't want or mind being public.

Good for you but people shouldn't have to feel like they are constantly under surveillance. It has a chilling effect on things like free speech.

Wow people. Why are people always lining up to lynch Google? What they did wasn't illegal. They captured clear text being publicly broadcast for anyone to see. Hell, our government does this and they don't even need a warrant. And they only did it a short while. I agree, its a bit immoral, but you should be encrypting your traffic anyway. How much data do you think your ISP is collecting? Think again if you say its none.

Why are people lining up to give Google a free pass? It remains to be seen whether it was illegal. It also remains to be seen whether folks had a reasonable expectation of privacy. When you are having a conversation in your house do you worry about being listened to even though you know it's technically feasible? What ISPs or the governments do is irrelevant we are talking about google.

I still see absolutely no blame here for Google. People publicly broadcasted a ton of data... Google collected bit and pieces off it, end of story.

Google didn't hack and networks, didn't crack and WEP/WPA keys it just drove around listening to unencrypted broadcasts. In fact ther is no evidence that they even realized they'd collected the data or had an plans for it. Baring evidence to the contrary, I take them at their world that they collected the data accidentally without any intent for it.

Well, they specifically said later that they did do it intentionally and wrote software to specifically do it. So how's your blind faith doing?

Wow people. Why are people always lining up to lynch Google? What they did wasn't illegal. They captured clear text being publicly broadcast for anyone to see. Hell, our government does this and they don't even need a warrant. And they only did it a short while. I agree, its a bit immoral, but you should be encrypting your traffic anyway. How much data do you think your ISP is collecting? Think again if you say its none.

Why are people lining up to give Google a free pass? It remains to be seen whether it was illegal. It also remains to be seen whether folks had a reasonable expectation of privacy. When you are having a conversation in your house do you worry about being listened to even though you know it's technically feasible? What ISPs or the governments do is irrelevant we are talking about google.

If you are in your house screaming at your wife and I am on the street and can hear you, you have no expectation of privacy. If you are broadcasting your traffic in plain text for the world to see, you have no expectation of privacy. Check with the FCC. It is perfectly legal to have any device that is capable or receiving transmissions of any kind. You aren't allowed to transmit necessarily, but there is no law against listening. Hence police band scanners and HAM radios and such. Anyone can own them and listen. At least in this country. I don't know what Germany thinks about all this.

Wow people. Why are people always lining up to lynch Google? What they did wasn't illegal. They captured clear text being publicly broadcast for anyone to see. Hell, our government does this and they don't even need a warrant. And they only did it a short while. I agree, its a bit immoral, but you should be encrypting your traffic anyway. How much data do you think your ISP is collecting? Think again if you say its none.

Why are people lining up to give Google a free pass? It remains to be seen whether it was illegal. It also remains to be seen whether folks had a reasonable expectation of privacy. When you are having a conversation in your house do you worry about being listened to even though you know it's technically feasible? What ISPs or the governments do is irrelevant we are talking about google.

If you are in your house screaming at your wife and I am on the street and can hear you, you have no expectation of privacy. If you are broadcasting your traffic in plain text for the world to see, you have no expectation of privacy. Check with the FCC. It is perfectly legal to have any device that is capable or receiving transmissions of any kind. You aren't allowed to transmit necessarily, but there is no law against listening. Hence police band scanners and HAM radios and such. Anyone can own them and listen. At least in this country. I don't know what Germany thinks about all this.

Do you have a link? The last I heard there was some question as to whether the "average person" would have an expectation of privacy as opposed to someone more familiar with networks (who would not be an average person).

I have a hard time understanding why anyone ever trusted Google to do the right thing...?

They are the world's largest advertising firm. Since when are ad companies anything but completely sleezey to the core? Then, multiply that by being the world's largest sleazy ad company who collects data about individuals, and you're left with nothing but lies, lies, and more lies to spin their public image.

They are so sleezy I half expect that the reason they aren't being prosecuted in the US is that they were sharing the data with Homeland Security...

I'd understand if you were saying this about someone like News Corp, but a handful of engineers and managers doing something downright stupid with unencrypted wifi data is not exactly on the scale of hacking into a missing child's voicemail account looking for a scoop. No, one company doing bad things does not excuse another, but your rhetoric sounds a bit overheated to me.

To begin with, would we know about this incident at all if Google hadn't ratted themselves out?

It's a lot more than that. When Schmitt was still CEO he made a lot of spooky statements to the press, and in speeches. The one that always bothered me the most, and correlates with what has happened in Streetview, and their other initiatives such as the requirement of real names in Google+, for example, was his speech where he said that soon, Google would not only know what you wanted before you did, but that it would make a decision for you before you knew you wanted to make it.

That worries me a lot. Sure, once he's told that these statements are bothersome, he backtracks a bit. But it's not what someone backtracks to, it's the original statement that really shows what they're thinking. It's like a drunk person insulting you in some serious way, and then apologizing the next day. You KNOW he meant what he said, despite his apology.

Google is like that, and they've been getting a pass for years now. It's about time that stops.

I have a hard time understanding why anyone ever trusted Google to do the right thing...?

They are the world's largest advertising firm. Since when are ad companies anything but completely sleezey to the core? Then, multiply that by being the world's largest sleazy ad company who collects data about individuals, and you're left with nothing but lies, lies, and more lies to spin their public image.

They are so sleezy I half expect that the reason they aren't being prosecuted in the US is that they were sharing the data with Homeland Security...

I'd understand if you were saying this about someone like News Corp, but a handful of engineers and managers doing something downright stupid with unencrypted wifi data is not exactly on the scale of hacking into a missing child's voicemail account looking for a scoop. No, one company doing bad things does not excuse another, but your rhetoric sounds a bit overheated to me.

To begin with, would we know about this incident at all if Google hadn't ratted themselves out?

It's a lot more than that. When Schmitt was still CEO he made a lot of spooky statements to the press, and in speeches. The one that always bothered me the most, and correlates with what has happened in Streetview, and their other initiatives such as the requirement of real names in Google+, for example, was his speech where he said that soon, Google would not only know what you wanted before you did, but that it would make a decision for you before you knew you wanted to make it.

That worries me a lot. Sure, once he's told that these statements are bothersome, he backtracks a bit. But it's not what someone backtracks to, it's the original statement that really shows what they're thinking. It's like a drunk person insulting you in some serious way, and then apologizing the next day. You KNOW he meant what he said, despite his apology.

Google is like that, and they've been getting a pass for years now. It's about time that stops.

You see, I've been saying this for a couple years now. I use Google services but I don't trust this company. I like their mantra of "Don't be Evil", but time and again, they seem to have "innocent mistakes" that really should no tbe happening with a company of their size (and publically listed to boot).

They are anything but "Don't be evil". They're sneaky, they know it, bu tthey keep repeating "don't be evil" because it will sink in to the public & press.

Google is just all over the place, and like stated above, it acts like a very immature company (when it isn't). It does what it wants, when it wants and frankly they can't be arsed about the ethics of it because ppl give them a free pass.